1601

If the task is to write firewall specifications for the preparation of a(n) ____, the planner would note that the deliverable is a specification document suitable for distribution to vendors.

RFP

The goal of the __________ is to resolve any pending project-related issues, critique the overall effort of the project, and draw conclusions about how to improve the project management process for the future.

Wrap up

The date for sending the final RFP to vendors is considered a(n) ____, because it signals that all RFP preparation work is complete.

milestone

In the __________ process, measured results are compared against expected results.

negative feedback loop

A __________ is usually the best approach to security project implementation.

phased implementation

In a __________ implementation, the entire security system is put in place in a single office, department, or division before expanding to the rest of the organization.

pilot

Tasks or action steps that come after the task at hand are called __________.

Successors

The ____ methodology has been used by many organizations, requires that issues be addressed from the general to the specific, and that the focus be on systematic solutions instead of individual problems.

bull's eye

A(n) __________, used to justify the project is typically prepared in the analysis phase of the SecSDLC, must be reviewed and verified prior to the development of the project plan. A) RFP B) WBS C) SDLC D) CBA

D) CBA

Many public organizations must spend all budgeted funds within the fiscal year - otherwise, the subsequent year's budget is __________. A) increased by the unspent amount B) not affected unless the deficit is repeated C) automatically audited for questionable expenditures D) reduced by the unspent amount

D) reduced by the unspent amount

Some cases of __________ are simple, such as requiring employees to begin using a new password on an announced date.

Direct changeover

The Lewin change model includes __________. A) unfreezing B) moving C) refreezing D) All of the above

d. all of the above

The SecSDLC involves which of the following activities? A) ​collecting information about an organization's objectives B) ​​collecting information about an organization's information security environment C) ​​collecting information about an organization's technical architecture D) ​all of the above

d. ​all of the above

Technology __________ guides how frequently technical systems are updated, and how technical updates are approved and funded

governance

The __________ level of the bull's-eye model establishes the ground rules for the use of all systems and describes what is appropriate and what is inappropriate; it enables all other information security components to function correctly.

policies

By managing the __________, the organization can reduce unintended consequences by having a process to resolve potential conflict and disruption that uncoordinated change can introduce.

process of change

The ____ layer of the bull's-eye model includes computers used as servers, desktop computers, and systems used for process control and manufacturing systems.

systems